Skip to content

Add sign in with microsoft #13425

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: develop
Choose a base branch
from
Open

Add sign in with microsoft #13425

wants to merge 10 commits into from
+120 −8

Conversation

PabloBuchu
Copy link
Contributor

Pull Request Description

This PR adds a button for users to signing with Microsoft Entra ID.

Important Notes

Checklist

Please ensure that the following checklist has been satisfied before submitting the PR:

  • The documentation has been updated, if necessary.
  • Screenshots/screencasts have been attached, if there are any visual changes. For interactive or animated visual changes, a screencast is preferred.
  • All code follows the
    Scala,
    Java,
    TypeScript,
    and
    Rust
    style guides. In case you are using a language not listed above, follow the Rust style guide.
  • Unit tests have been written where possible.
  • If meaningful changes were made to logic or tests affecting Enso Cloud integration in the libraries,
    or the Snowflake database integration, a run of the Extra Tests has been scheduled.
    • If applicable, it is suggested to paste a link to a successful run of the Extra Tests.

AdRiley
AdRiley reviewed Jul 3, 2025
View reviewed changes
PabloBuchu
PabloBuchu commented Jul 3, 2025
View reviewed changes
@PabloBuchu PabloBuchu added the CI: No changelog needed Do not require a changelog entry for this PR. label Jul 7, 2025
@PabloBuchu PabloBuchu added the CI: Ready to merge This PR is eligible for automatic merge label Jul 7, 2025
somebody1234
somebody1234 approved these changes Jul 7, 2025
View reviewed changes
Copy link
Contributor

@somebody1234 somebody1234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CR ✅

Frizi
Frizi requested changes Jul 11, 2025
View reviewed changes
app/gui/src/authentication/cognito.ts
// When using Microsoft we need to first invalidate auth0 and windows live sessions before calling cognito.
const session = await amplify.Auth.currentSession()
const identities = session.getIdToken().decodePayload()['identities']
const providerName = identities?.length ? identities[0]['providerName'] : undefined
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const providerName = identities?.length ? identities[0]['providerName'] : undefined
const providerName = identities?.[0]?.['providerName']

app/gui/src/authentication/cognito.ts
/**
* Sign in via the Microsoft federated identity provider.
*
* This function will open the GitHub authentication page in the user's browser. The user will
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment talks about github

app/gui/src/authentication/cognito.ts
const identities = session.getIdToken().decodePayload()['identities']
const providerName = identities?.length ? identities[0]['providerName'] : undefined
if (providerName === MICROSOFT_PROVIDER) {
window.open($config.MICROSOFT_SIGN_OUT_URL, '_blank')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not calling Auth.signOut() for microsoft provider here looks incorrect. This at least needs an comment explaining that the expected outcome of opening that window is that we will eventually hit a //auth/federated deeplink handler.

I believe this logic now introduces a subtle but consequential bug - the promise returned from this function will resolve too early. It won't actually wait for the signOut to happen. The microsoft branch should return a promise that actually waits for the expected deeplink handler to be hit and processed properly. At that point the actual signOut logic could actually continue running in this function, instead of inside the deeplink handler. That would avoid duplication of following code.

Also, what happens if the user closes that window before it had a chance to do anything?

app/gui/.dev-env Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This reverts a submodule update. Probably by accident?

@somebody1234 somebody1234 removed the CI: Ready to merge This PR is eligible for automatic merge label Jul 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AdRiley AdRiley AdRiley left review comments

@Frizi Frizi Frizi requested changes

@somebody1234 somebody1234 somebody1234 approved these changes

@farmaazon farmaazon Awaiting requested review from farmaazon farmaazon is a code owner

@vitvakatu vitvakatu Awaiting requested review from vitvakatu vitvakatu is a code owner

@kazcw kazcw Awaiting requested review from kazcw kazcw is a code owner

@indiv0 indiv0 Awaiting requested review from indiv0 indiv0 is a code owner

@jdunkerley jdunkerley Awaiting requested review from jdunkerley jdunkerley is a code owner

@hubertp hubertp Awaiting requested review from hubertp hubertp is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
CI: No changelog needed Do not require a changelog entry for this PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@PabloBuchu @Frizi @AdRiley @somebody1234